Computing devices are vulnerable to a variety of software attacks. As secure services, such as near field communication (NFC) payment applications and mobile wallets, become increasingly popular on computing devices such as smartphones and tablets, there is a demand for stronger, and more interactive, security that allows an individual to use such a device to authenticate securely to those services.
Modern computing devices are often built around a system-on-a-chip (SoC). The SoC approach allows for a secure portion and a non-secure portion, with the secure portion isolated from the non-secure portion by hardware. As an example, within a central processing unit (CPU), software may reside either in the secure portion or in the non-secure portion, with the switch between the two portions performed by a secure monitor, such as privileged software running on an application processor, or by dedicated hardware, such as a microcontroller. This notion of secure (trusted) and non-secure (non-trusted) portions extends beyond the CPU, its memory and its software to include transactions on a bus, interrupts and peripheral functions within the SoC.
Isolation technology within application processors is commonly used to run a trusted boot sequence and a trusted operating system (OS), thereby creating a Trusted Execution Environment (TEE). Typical use cases include the protection of authentication mechanisms, cryptography and Digital Rights Management (DRM). Applications that run in the secure portion may be called “Trusted Apps.”
The TEE may be considered a secure area residing in the main processor of a mobile device in which sensitive data can be stored, processed and protected. The TEE executes Trusted Apps and thereby provides end-to-end security through enforcement of protection, confidentiality, integrity and data access rights. The TEE is well suited to hosting mobile wallet and payment applications, in that it offers more security than the rich operating system and more functionality than a secure element (SE).
The ability to control a user interface (UI) from a TEE is important. A UI that is controlled from a TEE may be called a “trusted UI.” Beneficially, a trusted UI need not communicate with the high-level operating system (HLOS) to present information or to gather input. The information presented may be, for example, a prompt for a personal identification number (PIN) or a secure code; the input gathered may be, for example, the PIN itself. Because a trusted UI keeps such sensitive information within the TEE, that information is maintained more securely than it would be if it were shared with the HLOS.
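The division of responsibility described above, as an added illustration that is not code from this document or from any TEE vendor or the GlobalPlatform APIs: a constructed Python model in which the Trusted App holds the PIN secret and attempt counter, the trusted UI is the only path by which a PIN enters the secure side, and the HLOS sees nothing but a verdict. The class names, the three-attempt lockout, the PBKDF2 parameters and the scripted keystrokes are all assumptions made for the example; the hardware isolation that makes the separation real in a SoC is not modelled, the model only shows what each side is able to observe.

```python
"""Constructed model of a TEE-hosted PIN prompt (illustrative, not vendor code).

TrustedPinApp and TrustedUI stand for the secure portion; HLOS stands for the
rich OS. The HLOS object never holds a reference to the Trusted App and never
receives the PIN, only the boolean verdict of the comparison.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

MAX_ATTEMPTS = 3  # assumed lockout policy for the example


class TrustedPinApp:
    """Runs inside the TEE. The salted PIN hash and the failed-attempt counter
    live in TEE secure storage; here they are plain attributes."""

    def __init__(self, pin: str):
        self._salt = os.urandom(16)
        self._pin_hash = self._derive(pin)
        self._failed = 0

    def _derive(self, pin: str) -> bytes:
        # Assumed KDF parameters; a real Trusted App would use the TEE crypto API.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def verify(self, pin: str) -> bool:
        """Reachable only from the trusted UI. Refuses once locked, compares in
        constant time, and counts failures so the HLOS cannot brute-force."""
        if self.locked:
            return False
        ok = hmac.compare_digest(self._derive(pin), self._pin_hash)
        self._failed = 0 if ok else self._failed + 1
        return ok

    @property
    def locked(self) -> bool:
        return self._failed >= MAX_ATTEMPTS


class TrustedUI:
    """Display and input path owned by the TEE. `input_source` stands in for
    secure touch hardware; the example feeds it constructed keystrokes."""

    def __init__(self, app: TrustedPinApp, input_source):
        self._app = app
        self._input = input_source

    def prompt(self, message: str) -> bool:
        # The HLOS chooses only the message text; the PIN stays on this side.
        pin = self._input()
        return self._app.verify(pin)


@dataclass
class HLOS:
    """Rich OS side. Its whole view of the transaction is the verdict."""

    tui: TrustedUI
    log: list = field(default_factory=list)

    def authorize_payment(self, amount_cents: int) -> str:
        approved = self.tui.prompt(f"Confirm payment of {amount_cents / 100:.2f}")
        self.log.append(("pin_prompt", approved))
        return "APPROVED" if approved else "DENIED"


def run_demo() -> list:
    """Scripted session with constructed keystrokes: one wrong, one right,
    three wrong (locks), then the right PIN while locked."""
    app = TrustedPinApp("4821")
    keystrokes = iter(["1111", "4821", "0000", "0000", "0000", "4821"])
    hlos = HLOS(TrustedUI(app, lambda: next(keystrokes)))
    results = [hlos.authorize_payment(1999) for _ in range(6)]
    return [results, app.locked, hlos.log]


if __name__ == "__main__":
    results, locked, log = run_demo()
    print(results, "locked:", locked)
    print("HLOS log:", log)
```

The point to take from the model is the shape of the interface, not the simulation: everything the HLOS can log, forward or tamper with is a boolean (in practice a signed token bound to the transaction), and the brute-force and timing defences sit inside the TEE where HLOS malware cannot reset them. What the model does not address is a UI that merely looks like this one while being drawn by the rich OS, which is the problem discussed next.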
For a device that normally executes a secure UI, malware in the non-secure portion may attempt to present an imitation of that secure UI and so capture whatever the user types into it. When an apparently secure UI is presented on a device, it would be helpful for the user to be able to distinguish a genuine secure UI, which is controlled by the TEE, from an imitation secure UI, which is controlled by malware.